AI News Archive: May 31, 2026 — Part 4
Sourced from 500+ daily AI sources, scored by relevance.
- Claude Mythos exposed a hard truth: Your enterprise patching process is way too slow
In 2024, researchers from the University of Illinois found that GPT-4, when provided with a common vulnerabilities and exposures (CVE) description, could autonomously exploit 87% of a curated 15-vulnerability one-day dataset. Without the description, it could only exploit 7%. This provided a “margin of safety” for the industry because while AI could exploit known vulnerabilities, it could not discover them. However, on April 7, Anthropic announced that Claude Mythos Preview had closed that margin, with the model autonomously discovering thousands of zero-day vulnerabilities across major operating systems and browsers. Separately, Mythos scored 83.1% on the CyberGym vulnerability reproduction benchmark. In one campaign targeting OpenBSD across 1,000 scaffold runs, the total compute cost was less than $20,000. Exploitation timelines are collapsing. Langflow’s CVE-2026-33017 (CVSS 9.8) was exploited 20 hours after disclosure with no public proof-of-concept. Marimo’s CVE-2026-39987 (CVSS 9.3) was hit in 9 hours and 41 minutes . The defensive infrastructure most organizations rely on wasn’t designed for this. Rapid7’s 2026 threat landscape report states that the median time from CVE publication to CISA's known exploited vulnerabilities (KEV) listing is five days. Google’s M-Trends 2026 report found that exploitation is happening before a patch is even released. When the Langflow advisory was published, the first exploit arrived in 20 hours. When the Marimo advisory was published, it took under 10 hours. The assumption that your patch window is safe because exploitation takes time is no longer true. Here are your building blocks. Replace CVSS-only prioritization with a three-layer filter Most vulnerability management programs still prioritize by CVSS score alone. CVSS quantifies a vulnerability’s “theoretical” severity without considering whether a vulnerability is being exploited in the wild or how quickly someone could weaponize it. A CVSS 8.8 vulnerability with a history of active exploitation (like Docker’s CVE-2026-34040 ) gets lower priority than a CVSS 9.8 vulnerability that may never be exploited in the wild. A recent study validated against 28,377 real-world vulnerabilities offers a concrete replacement: A three-layer decision tree incorporating CISA KEV status, Exploit Prediction Scoring System (EPSS) scores, and CVSS, thus forming a singular prioritization filter. Three-Layer Vulnerability Prioritization Filter Layer Data source Threshold Action SLA 1. Active exploitation CISA KEV catalog Listed Immediate patching Hours 2. Predicted exploitation EPSS via FIRST.org Score ≥ 0.088 Escalate to Tier 0 pipeline 24 hours 3. Severity baseline CVSS via NVD Score ≥ 7.0 Typical remediation Per policy Validated result: 18x efficiency gain, 85.6% coverage of exploited vulnerabilities, ~95% reduction in urgent remediation workload. All three data sources are open and free. The described integration is entirely automatable. It’s possible to build a script to query the CISA KEV API, the EPSS API from FIRST.org, and the NVD , and have that script run against your asset inventory for every published CVE. The human in this process should remain in the loop as an approver, but not as the trigger. Close the agent authorization gap Creating exploits quickly not only changes how patches are prioritized, but how controls are configured for all the agent-driven systems that now possess privileged credentials. Your authorization policies have not been assessed against the behavior of AI agents, and that is now a measurable risk. CVE-2026-34040 showed that Docker’s authorization plugin architecture silently bypasses every plugin when the request body exceeds 1MB. Common AuthZ plugins (OPA, Casbin, Prisma Cloud) are unaware of this type of bypass, which occurs in Docker’s middleware before the request reaches the plugin. When Cyera demonstrated this vulnerability , they showed that an AI agent debugging infrastructure could infer the bypass path while completing a legitimate task, without any instruction to exploit anything. The Internet Engineering Task Force (IETF) is working on authorization models for agents. The document draft-klrc-aiagent-auth-01 , published in March by participants from AWS, Zscaler, Ping Identity, and OpenAI, proposes the use of the current Secure Production Identity Framework for Everyone (SPIFFE) and OAuth 2.0 for AI agents to obtain dynamically provisioned and short-lived credentials. Separately, the IETF Agent Identity Protocol draft (draft-prakash-aip-00) reports that out of about 2,000 surveyed model context protocol (MCP) servers, none had authentication. But these standards are months to years away from implementation. For now, security teams must proactively incorporate agent-level test scenarios for all authorization boundaries, such as oversized requests, burst frequency, and multi-step escalation of privileged requests. Map your credential blast radius In a survey conducted by CSA/Zenity and published on April 16, 53% of organizations said they had already seen cases where AI agents exceeded their intended permissions, and 47% experienced a security incident involving an agent. When AI builder tools such as Flowise (CVE-2025-59528, CVSS 10.0), Langflow, or n8n become compromised, the blast radius extends far beyond the host. These tools contain API keys to frontier models, database credentials, vector store tokens, and OAuth tokens to business systems. A compromised AI builder host is not just a single-system breach. It is a credential harvest that unlocks authenticated access to every connected service. Without credential dependency maps for each AI tool host, incident response for agent compromise is guesswork. For every instance, document each credential, the extent of its access, and the relevant credential rotation process. Also begin migrating static API keys to short-lived tokens where downstream services allow. Five actions for this quarter 1. Deploy the three-layer KEV-EPSS-CVSS filter Substitute CVSS-only prioritization according to the table above. Automate the collection of data from all three APIs as part of a scheduled script against your asset inventory. Desired outcome: 18 times more efficient, 85.6% coverage of exploited vulnerabilities, 95% reduction in urgent remediation workload. 2. Implement event-driven patching for Tier 0 services. Determine which services fall under the critical exposure tier: Services exposed directly to internet users, AI builder hosts, and container orchestration control plane. Trigger event-driven patching on a CVE publication instead of waiting for the next maintenance window for this tier. Goal: deploy patch to canary within four hours of a CVE being declared critical. Use the CISA KEV and EPSS feeds to trigger event-driven patching. In situations where it is impossible to meet the goal of four-hour patching because of legacy dependencies, change-freeze windows, or rollback risk, immediately apply compensating controls such as removing internet exposure to the vulnerable service, rotating credentials for the vulnerable service, disabling affected functionality of the service (if applicable), and identifying an exception owner for the exposure until a patch can be deployed. It is not acceptable to allow unbounded exposures for extended periods while awaiting a maintenance window. 3. Test authorization boundaries at agent scale. Create test cases for every API that AI agents may communicate with via AuthZ policies. Specifically, include test cases for requests exceeding 1MB, 5MB, and 10MB body sizes. This includes test cases for burst rate > 100 requests per second and test cases for unusual parameter combinations (privileged flags, host mounts, capability additions). Additionally, patch to Docker Engine 29.3.1 to fix CVE-2026-34040. 4. Credential blast radius mapping for all AI builder hosts. Document each credential for each Langflow, Flowise, n8n, and custom AI pipeline instance. Classify each credential by its lifespan (static key vs. short-lived token). Identify what each credential can access. Set up alerts for anomalous IP or identity for any credential access. 5. Shadow AI discovery scan for this week. According to CSA data, there is a greater than 50% chance that your agents have exceeded their expected boundaries. Check your Security Information and Event Management (SIEM) and network monitoring tools for communications to the default ports of the AI builder: Langflow 7860, Flowise 3000, and n8n 5678. Any unauthorized instances are an unmonitored attack surface. The takeaway AI agents are emerging, and t he standards bodies are responding. The IETF has multiple drafts related to agent authentication and authorization. The Coalition for Secure AI has published its MCP Security taxonomy and Secure-by-Design principles . But these standards move at standards-body speed, and the exploit window is now measured in hours. Organizations that implement the three-layer filter and event-driven patching this quarter will have a measurable reduction in exposure. Those who wait will be running calendar-based patch cycles against an adversary that operates in less than 20 hours. Nik Kale is a principal engineer specializing in enterprise AI platforms and security
- 😹 Grok killed a whole town in 4 days
PLUS: One company burned $500M on AI in a month
- Tired of Copilot in Windows 11? Here is how to remove it
Tired of Copilot in Windows 11? Here is how to remove it azcentral.com and The Arizona Republic
- Team Global Express has the logistics for AI use in place
Brings first 12 "AI agents" into production.
- No green thumb needed with this $20 AI-powered plant app (MSRP $60)
No green thumb needed with this $20 AI-powered plant app (MSRP $60) Austin American-Statesman
Score: 14🌐 MovesMay 31, 2026https://www.statesman.com/shopping/article/plantum-ai-plant-identifier-plan-deal-22276509.php - Data centers need water. Texas oil companies think they have the solution.
Data centers need water. Texas oil companies think they have the solution. Houston Chronicle
- The endless data centre whine threatening to blight Britain’s peaceful countryside
The endless data centre whine threatening to blight Britain’s peaceful countryside The Telegraph
Score: 10🌐 MovesMay 31, 2026https://www.telegraph.co.uk/business/2026/05/31/data-centre-noise-pollution-threatening-british-countryside/ - I went looking for the AI weed vape that gives you Bitcoin for smoking
Gudtrip is the most ridiculous AI/crypto/weed product to ever touch the internet. Could it possibly be real?
Score: 09🌐 MovesMay 31, 2026https://www.theverge.com/ai-artificial-intelligence/933916/ai-powered-crypto-cannabis-vape - I asked AI how to stop home mold — it told me to ‘Burp’ my house
I asked AI how to stop home mold — it told me to ‘Burp’ my house Tom's Guide
Score: 08🌐 MovesMay 31, 2026https://www.tomsguide.com/ai/i-asked-ai-how-to-stop-home-mold-it-told-me-to-burp-my-house - Erin Brockovich takes aim at data center secrecy
Environmental activist Erin Brockovich has a new mission.
Score: 08🌐 MovesMay 31, 2026https://techcrunch.com/2026/05/31/erin-brockovich-takes-aim-at-data-center-secrecy/ - Slack community - Qualcomm AI Hub
Slack community - Qualcomm AI Hub Qualcomm AI Hub
- Safiria Leccese Caught in Deepfake Loan Scam
Artificial Intelligence has struck her as well. Safiria Leccese has also fallen victim to a scam---one that involved her personally, without her knowledge. She is mortified about it. In an interview with the weekly magazine Nuovo, the Media ... (https://incidentdatabase.ai/cite/1508#7333)
Score: 00🌐 MovesMay 31, 2026https://www.ilmessaggero.it/en/safiria_leccese_caught_in_deepfake_loan_scam-9565595.html - “Siamo tutti in un mare di guai, noi e i nostri figli. Hanno rubato la mia immagine con l’AI per chiedere soldi, molte persone sono cadute nella truffa”: la denuncia di Safiria Leccese
Safiria Leccese fa ancora fatica ad accettare di essere finita al centro di un raggiro. Uno dei volti al femminile più apprezzati di Mediaset è apparsa in un video diffuso in rete in cui all'interno del "suo" studio di Super partes -- il pr ... (https://incidentdatabase.ai/cite/1508#7332)
- Couplelens
Couplelens
- Image To Video AI Free
Image To Video AI Free
- Coralflavor Unfiltered AI
Coralflavor Unfiltered AI
- Decoding Hierarchical Cell-Cell Communication in Spatial Multi-Omics with CellSTIC
Cell-cell communication helps to coordinate tissue development, homeostasis, and immune responses, but identifying signaling interactions within intact tissues remains difficult. Although single-cell transcriptomics has enabled systematic inference of ligand-receptor interactions, dissociation disrupts spatial context and limits the identification of bona fide local signaling and region-specific communication programs. Spatial transcriptomics and spatial multi-omics offer the opportunity to study communication in situ, but current approaches often either incompletely integrate heterogeneous modalities or return long lists of ligand-receptor pairs that are difficult to interpret mechanistically. Here, we present CellSTIC, a framework for resolving cell-cell communication in spatial multi-omics as structured communication programs grounded in tissue architecture. Rather than treating ligand-receptor interactions as isolated candidates, CellSTIC integrates multimodal evidence from local tissue neighborhoods and organizes communication into a hierarchical semantic representation that remains traceable to the underlying molecular interactions. This design enables communication to be analyzed not only at the level of individual ligand-receptor pairs but also across broader functional modules that can be compared across tissues, regions, and biological states. Across multimodal simulations with ground-truth annotations and multiple real tissue datasets, CellSTIC robustly recovered spatially coherent communication structure and spatial domains. It further resolved communication programs across three complementary dimensions: hierarchical organization in immune microenvironments, spatially restricted signaling in complex brain architecture, and developmental and regenerative remodeling across embryonic and post-injury contexts. Together, these results establish CellSTIC as a general framework for linking tissue architecture to intercellular signaling programs in situ and for generating mechanistic hypotheses from spatial multi-omic data.
- Instance-Wise Contrastive Graph Neural Network Enables the Discovery of Novel Aedes aegypti Larvicidal Compounds
Aedes aegypti remains a major arboviral vector, making larval control a critical strategy to reduce mosquito populations. However, resistance to commercial larvicides has reduced the long-term effectiveness of current interventions, reinforcing the need for new compounds with improved potency and selectivity. Here, we present an instance-wise contrastive graph neural network (GNN) framework to accelerate the discovery of novel larvicidal compounds. The model was trained on a curated dataset of 556 organic compounds organized into LC50-derived multitask classification thresholds and integrated Transformer-inspired graph learning with whole-molecule and fragment-level contrastive regularization. This model achieved strong held-out performance, with global AUC = 0.95 {+/-} 0.01, PR-AUC = 0.93 {+/-} 0.01, and MCC = 0.77 {+/-} 0.03, outperforming conventional machine learning and graph-based baselines. Predictive uncertainty analysis and counterfactual maps further supported the interpretation of threshold-sensitive predictions and substructural contribution patterns. The model was applied to screen 1.3 million compounds, resulting in 10 candidates for experimental validation. Three compounds showed measurable larvicidal activity against A. aegypti larvae. Among them, LC-79 emerged as the most promising hit, with 2-day and 5-day LC50 values of 0.24 {micro}g/mL (0.66 {micro}M) and 0.05 {micro}g/mL (0.13 {micro}M), respectively, an IE50 of 0.06 {micro}g/mL (0.16 {micro}M), and rapid larval mortality (LT50 = 1.10 days at 1 {micro}g/mL). LC-79 also showed no measurable acute toxicity to Daphnia magna at the highest tested concentration [EC50-48h >43 {micro}g/mL (>119 {micro}M)], resulting in selectivity indices >180 and >915 relative to its 2-day and 5-day LC50 values. Overall, this study demonstrates that contrastive graph learning can move beyond retrospective larvicide modeling to experimentally validated hit discovery, identifying LC-79 as a potent and preliminarily selective acylthiourea larvicide candidate for further mechanism-of-action, resistance, and semi-field evaluation.
- Electrically programmable picoscale phototransduction of a newly discovered microbial rhodopsin
Human retina can achieve single-photon sensitivity through specialised photoreceptors that convert light into electrical signals via phototransduction. Among microbial light-sensitive proteins, proteorhodopsins stand out for their intrinsic light-driven ion transport and spectral tunability, making them promising candidates for bio-inspired photonic devices. A central challenge for acellular integration, however, is the fragility of most bacterial rhodopsins under extreme conditions. Here, we exploit the exceptional robustness of TARA76, a microbial rhodopsin that retains structural integrity even upon complete dehydration, to demonstrate its functional reconstitution in an artificial black lipid membrane within a biocompatible microfluidic platform. By recording light-induced ionic currents with picoampere sensitivity across a broad range of pH, illumination power, electrolyte composition, and applied voltages, we establish TARA76 as a high-performance photoelectric transducer in a fully acellular environment. Strikingly, we uncover a strong and previously unreported dependence of the photocurrent on Na ions, which appears to play a key structural and functional role in stabilising the protein's active conformation. Furthermore, we demonstrate that the orientation of TARA76 within the artificial membrane can be externally controlled by applying a defined electric field during bilayer formation, enabling deterministic tuning of photocurrent directionality. Together, these results establish a robust and miniaturisable bio-photonic platform with direct implications for quantum light sensing, neuromorphic bioelectronics, and next-generation artificial retinal interfaces.
- Patien
AI medical scribe that writes clinical notes in seconds
- SpaceX, OpenAI fundraising sparks investor hunt for Asia’s next AI winners beyond chipmaking giants
Fresh fundraising and potential IPOs by OpenAI, SpaceX and Anthropic are driving investors to seek new AI opportunities across Asia. Bloomberg reported that firms involved in components, servers, packaging, connectivity and energy infrastructure could benefit from the next wave of AI spending.
- US AI companies' fundraise plans spur bets on future Asian winners
Fundraising by OpenAI, SpaceX and Anthropic is fuelling investor bets that the next winners of the AI boom could emerge from Asia's supply chain
- SpaceX, OpenAI windfall fuels bets on next-wave Asian AI winners
SpaceX, OpenAI windfall fuels bets on next-wave Asian AI winners The Straits Times
- US takes step to halt Nvidia AI chip shipments to Chinese overseas subsidiaries
The US Department of Commerce on Sunday moved to close a year-old potential loophole it had created that may have led companies to export the world’s most advanced chips – such as Nvidia’s most sophisticated Rubin and Blackwell processors, as well as AMD’s MI350x – to Chinese entities located outside China. The unexpected guidance suggests the United States’ best artificial intelligence chips may have been making their way to the subsidiaries of Chinese AI firms based in places such as Malaysia...
- U.S. takes step to halt Nvidia AI chip shipments to Chinese firms outside China
U.S. takes step to halt Nvidia AI chip shipments to Chinese firms outside China The Japan Times
- U.S. to stop companies sending Nvidia AI chips to Chinese firms outside China
It is unclear how many chips have been exported in the year that the Trump administration left the door open
- US to halt Nvidia AI chip shipments to Chinese firms outside China
The unexpected guidance suggests the United States' best AI chips may have been making their way to the subsidiaries of Chinese AI firms based in places like Malaysia.
- AI firm MiniMax prepares for mainland China listing after shares surge in Hong Kong
MiniMax Group, the Chinese artificial intelligence model company, has officially kicked off plans to sell shares in mainland China. This offers onshore investors access to AI players beyond chipmakers and completes a dual-listing status in addition to Hong Kong. The Shanghai-headquartered company signed an agreement with Citic Securities on Friday, hiring the brokerage to help prepare for a sale of yuan-denominated shares. While other details on the listing are scant, it is widely expected that...
- China’s MiniMax begins domestic IPO preparations
The company also said it had more than 1 million users of its AI-based enterprise services.
- SoftBank plans 75 billion euro AI data center buildout in France
SoftBank plans to build AI data centers with up to 5 gigawatts of capacity in France, the company's largest AI infrastructure investment in Europe, at up to 75 billion euros. By 2031, facilities worth 45 billion euros are set to go up at three sites in northern France. SoftBank's mega announcements keep stacking up worldwide, but many projects have yet to materialize. The article SoftBank plans 75 billion euro AI data center buildout in France appeared first on The Decoder .
- SoftBank plans up to €75 billion investment in French AI centers
SoftBank plans up to €75 billion investment in French AI centers The Japan Times
- SoftBank to spend up to $87 billion on French AI data centers — country offers ample nuclear grid that US sites lack
SoftBank carries over $130 billion in debt and took a $40 billion bridge loan in March to fund its latest OpenAI investment.
- SoftBank vows to spend $87.5 billion on AI centers in France
Japanese tech investor SoftBank will spend 75 billion euros (US$87.5 billion) on artificial intelligence infrastructure in France, its founder Masayoshi Son told a French newspaper in an interview released Saturday.
- Japan’s SoftBank to Spend Billions on AI Data Centers in France
Japan’s SoftBank to Spend Billions on AI Data Centers in France Barron's
- Adani says US legal issues ‘behind us’, bets on AI-driven infrastructure boom
Adani Group is now accelerating investments across energy, transport, logistics and digital infrastructure, positioning itself to benefit from rising demand for artificial intelligence-led growth, Gautam Adani said
- ‘I’m cancelling’: As Microsoft’s GitHub Copilot moves to token-based billing, developers fear rising AI costs
‘I’m cancelling’: As Microsoft’s GitHub Copilot moves to token-based billing, developers fear rising AI costs
- Meta is rumored to be working on an AI pendant, and smart glasses different to what we've seen before
We've got a couple of Meta hardware rumors to sort through, and AI is of course central to them.
- Keep Forgetting What You Said? Meta Could Be Working on a Transcribing AI Pendant
Keep Forgetting What You Said? Meta Could Be Working on a Transcribing AI Pendant PCMag Australia
- Anthropic Hits $965B Valuation, Overtakes OpenAI as Most Valuable AI Startup
Anthropic valued at $965B, surpassing OpenAI
- I'm an iPhone user who switches to Gemini with Android Auto in the car - why I don't regret it
Gemini can help with a variety of tasks when behind the wheel. All you need is an Android phone and a car with Android Auto.
- After the AI binge, companies balk at soaring bills
After the AI binge, companies balk at soaring bills The Straits Times
- After the AI binge, companies are baulking at soaring bills
After the AI binge, companies are baulking at soaring bills The Straits Times
- After the AI binge, companies balk at soaring bills
After the AI binge, companies balk at soaring bills
- Australian researchers teach brain cells to play Doom video game
Australian researchers teach brain cells to play Doom video game The Japan Times
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
As the Pentagon pushes for battlefield AI, some military leaders urge caution Toronto Star
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
As the Pentagon pushes for battlefield AI, some military leaders urge caution San Francisco Chronicle
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
The Trump administration is pushing to use artificial intelligence in the U.S. military even as it faces calls for caution from some companies and military leaders.
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
As the Pentagon pushes for battlefield AI, some military leaders urge caution Houston Chronicle
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
The Trump administration is pushing to use artificial intelligence in the U.S. military even as it faces calls for caution from some companies and military leaders
- As the Pentagon pushes for battlefield AI, some military leaders urge caution
As the Pentagon pushes for battlefield AI, some military leaders urge caution Austin American-Statesman